Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http-proxy is vulnerable to denial of service #3510

Closed
Christian24 opened this issue May 15, 2020 · 1 comment · Fixed by #3519 or karronoli/redpen#10
Closed

http-proxy is vulnerable to denial of service #3510

Christian24 opened this issue May 15, 2020 · 1 comment · Fixed by #3519 or karronoli/redpen#10
Labels
released

Comments

@Christian24
Copy link

Hello,

I just found out that http-proxy is vulnerable to denial of service attacks. There is no fix at moment, but it might be worthy to keep an eye on the issue: http-party/node-http-proxy#1446.

Npm security Advisory: https://www.npmjs.com/advisories/1486

Environment Details

  • Karma version (output of karma --version): 5.0.5 (all versions of http-proxy are affected though).

Steps to reproduce the behaviour

  1. Run npm audit
@dhilt dhilt mentioned this issue May 16, 2020
Merged
devoto13 added a commit to devoto13/karma that referenced this issue May 18, 2020
@devoto13
fix(dependencies): update to safe version of http-proxy

Verified

This commit was signed with the committer’s verified signature.
henryiii Henry Schreiner
GPG key ID: B9D0E45146A241E8
Verified
Learn about vigilant mode
8f25438 
Fixes karma-runner#3510
@devoto13 devoto13 mentioned this issue May 18, 2020
Merged
johnjbarton pushed a commit that referenced this issue May 19, 2020
@devoto13
fix(dependencies): update to safe version of http-proxy (#3519)

Verified

This commit was signed with the committer’s verified signature.
henryiii Henry Schreiner
GPG key ID: B9D0E45146A241E8
Verified
Learn about vigilant mode
00347bb 
Fixes #3510
karmarunnerbot pushed a commit that referenced this issue May 19, 2020
@semantic-release-bot
chore(release): 5.0.9 [skip ci]

Verified

This commit was signed with the committer’s verified signature. The key has expired.
mgorny Michał Górny
GPG key ID: 639ADAE2329E240E
Expired
Verified
Learn about vigilant mode
1c09f1c 
## [5.0.9](v5.0.8...v5.0.9) (2020-05-19)

### Bug Fixes

* **dependencies:** update to safe version of http-proxy ([#3519](#3519)) ([00347bb](00347bb)), closes [#3510](#3510)
@karmarunnerbot
Copy link
Member

🎉 This issue has been resolved in version 5.0.9 🎉

The release is available on:

Your semantic-release bot 📦🚀

@karronoli karronoli mentioned this issue Aug 16, 2022
Merged
anthony-redFox pushed a commit to anthony-redFox/karma that referenced this issue May 16, 2023
@devoto13 @anthony-redFox
fix(dependencies): update to safe version of http-proxy (karma-runner…

Verified

This commit was signed with the committer’s verified signature. The key has expired.
mgorny Michał Górny
GPG key ID: 639ADAE2329E240E
Expired
Verified
Learn about vigilant mode
e9a345c 
…#3519)

Fixes karma-runner#3510
anthony-redFox pushed a commit to anthony-redFox/karma that referenced this issue May 16, 2023
@semantic-release-bot @anthony-redFox
chore(release): 5.0.9 [skip ci]

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
5b68321 
## [5.0.9](karma-runner/karma@v5.0.8...v5.0.9) (2020-05-19)

### Bug Fixes

* **dependencies:** update to safe version of http-proxy ([karma-runner#3519](karma-runner#3519)) ([00347bb](karma-runner@00347bb)), closes [karma-runner#3510](karma-runner#3510)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
2 participants
@Christian24 @karmarunnerbot